Since the keystore doesn't yet exist, it will be created, and you will be prompted for a keystore password; type whatever password you want. This will later be entered into NetBeans. For the purposes of this tutorial we will use password of "randomaccess123".

Note #1: If prompted for two passwords, I'm not sure exactly which is which, since the tutorial only addresses one of them. This will need clarification.

Note #2: Jarsigner.exe should not be called directly, as a version of it is included in javawebstart.anttasks.SignJarsTask (NetBeans uses it for Java Web Start, we are exploiting it's Jar Signing capabilities)

Note #3: Verification for clients: The keytool command will print out the certificate information and ask you to verify it, for example, by comparing the displayed certificate fingerprints with those obtained from another (trusted) source of information. For example, customers might call up MyCompany and ask what the fingerprints should be. You can get the fingerprints of the mycert.cer file by executing the command: > cd %PROGRAMFILES%\Java\jdk1*\bin
> keytool -printcert -file %USERPROFILE%\Documents\mycert.cer

Note #4: At some point Oracle made a change to the keytool command. It seems JDK 1.6.x uses "keytool -importcert" instead of JDK 1.5.x "keytool -import". The tutorial version should be backwards compatible. This will need clarification.